AWS Enables Nested Virtualization for Intel-Based EC2 Instances
#Cloud

Regulation Reporter

AWS has activated nested virtualization capabilities for C8i, M8i, and R8i EC2 instances powered by Intel Xeon 6 processors, enabling users to run hypervisors within virtual machines for development, testing, and specialized workloads.

Amazon Web Services has expanded its virtualization capabilities by enabling nested virtualization for three EC2 instance types: C8i, M8i, and R8i. This feature allows users to run hypervisors within virtual machine instances, creating multi-layer virtualized environments.

Nested virtualization operates through three distinct layers: the physical AWS infrastructure and Nitro hypervisor (L0), the EC2 instance running a hypervisor (L1), and virtual machines created within that instance (L2). The Nitro system facilitates this architecture by exposing processor extensions like Intel VT-x to instances, enabling the creation of nested VMs.

The newly supported instances leverage Intel's Xeon 6 processors featuring enhanced Trust Domain Extensions (TDX) technology, which strengthens isolation between guest operating systems and hypervisors. This hardware-level security enhancement makes these instances suitable for sensitive workloads requiring strict isolation boundaries.

AWS currently supports Microsoft Hyper-V and open-source KVM as L1 hypervisors. This configuration enables several practical use cases, including:

  • Running mobile application emulators
  • Simulating automotive in-vehicle hardware environments
  • Operating Windows Subsystem for Linux (WSL) on cloud-based Windows workstations
  • Creating containerized workloads where tools like Kubernetes run within VMs
  • Building test environments replicating complex multi-VM enterprise architectures

While AWS previously offered nested virtualization only on bare-metal instances, this is the first time it is available on virtualized (non-bare-metal) instances. The cloud provider joins Azure and Google Cloud in offering this capability, though GCP currently only supports KVM. Notably absent is VMware ESXi support, which remains exclusive to AWS's Elastic VMware Service due to Broadcom's licensing policies.

The feature is available immediately in AWS regions where C8i, M8i, and R8i instances are offered. Organizations implementing nested virtualization should consider these architectural constraints:

  1. Performance overhead from multiple virtualization layers
  2. Resource allocation planning for L1 and L2 instances
  3. Security configuration for nested environments
  4. Networking considerations for multi-layer VM communication

Administrators can enable nested virtualization by configuring their L1 hypervisor to access the exposed VT-x extensions. AWS documentation provides detailed implementation guidance for both Hyper-V and KVM setups.
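Before configuring KVM as the L1 hypervisor, an administrator would first confirm that the instance actually exposes VT-x and that the KVM device is usable. The following readiness check is an added example, not AWS documentation or an AWS-provided script; it assumes a Linux guest on one of the Intel instances above and uses only the standard `/proc/cpuinfo`, `lsmod` and `/dev/kvm` interfaces.

```shell
#!/bin/sh
# Added example: readiness check for running KVM as the L1 hypervisor on an
# Intel-based EC2 instance that exposes VT-x. Not from AWS documentation.

# Return 0 if the cpuinfo text read from stdin advertises the "vmx" flag
# (Intel VT-x), which the Nitro hypervisor must expose for nested VMs.
cpuinfo_has_vmx() {
  grep -E '^flags[[:space:]]*:' | grep -qw vmx
}

# Return 0 if the KVM device node (default /dev/kvm) exists as a character
# device and is readable and writable by the current user.
kvm_device_ready() {
  dev="${1:-/dev/kvm}"
  [ -c "$dev" ] && [ -r "$dev" ] && [ -w "$dev" ]
}

# Run all checks against the live system; non-zero status identifies the
# first failing precondition so the operator knows what to fix.
check_nested_virt_readiness() {
  if ! cpuinfo_has_vmx < /proc/cpuinfo; then
    echo "VT-x (vmx) not exposed to this instance; nested virtualization unavailable" >&2
    return 1
  fi
  if ! lsmod | grep -q '^kvm_intel'; then
    echo "kvm_intel module not loaded; try: sudo modprobe kvm_intel" >&2
    return 2
  fi
  if ! kvm_device_ready /dev/kvm; then
    echo "/dev/kvm missing or not accessible; add the user to the kvm group" >&2
    return 3
  fi
  echo "VT-x exposed, kvm_intel loaded, /dev/kvm accessible: ready for an L1 KVM setup"
}

# Usage: sh check_nested.sh --run
if [ "${1:-}" = "--run" ]; then
  check_nested_virt_readiness
fi
```

A success exit only means the L1 layer can start; L2 guests still need CPU and memory reserved from the instance's own allocation.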
